<?php

/*

COMP 353F
Dr. B Desai
Final Project
Group #11

6330746 Nicholas CONSTANTINIDIS
9532862 Jacqueline FU
5484537 Claudio Javier LOPEZ FLORES
9218416 Que Tung NGUYEN

*/

  // Start (or resume) the session before any markup is emitted; the member
  // reservation path further down reads $_SESSION['mid'] to identify the user.
  session_start();
?>

<!DOCTYPE html>
<html lang="en">
<head>
        <title>CoBAGSys - Home</title>
        <link type="text/css" rel="stylesheet" href="css/mystyle.css">
        <script type="text/JavaScript" src="js/validate.js"></script>
        <script type="text/JavaScript">
        <!--
        /*
         * onsubmit handler for the guest reservation form: requires the
         * "email" and "password" inputs of form "slick-login" to be filled in.
         *
         * This runs in the browser only and can be skipped by any client, so
         * it is a usability aid, not an input check the server can rely on.
         */
        function ValidateFields() {
            var formId = "slick-login";

            // Hand back the first check's own result when it fails, so the
            // value seen by onsubmit is exactly what the helper returned.
            var emailResult = ValidateFieldNotEmpty(formId, "email", "username");
            if (!emailResult) {
                return emailResult;
            }

            return ValidateFieldNotEmpty(formId, "password", "password");
        }
        //-->
        </script>
</head>
<body>
    <?php
      // Connect and isLoggedIn() are used below but are not defined in this
      // file; presumably menus.php (or a file it pulls in) provides them - confirm.
      require 'menus.php';
    ?>
    <?php
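		/**
		 * Puts the logged-in member on the waiting list of the posting named by ?pid=.
		 *
		 * The member's e-mail is selected from MemberInfo by the member id held in
		 * the session and inserted into Reservation together with the posting id
		 * and the current time.
		 *
		 * @return bool true when a Reservation row was inserted, false otherwise
		 */
		function reservePostingForMember() {
			// pid arrives in the query string and ends up inside the SQL text, so
			// nothing but a plain run of digits is accepted.
			if (!isset($_GET['pid']) || !is_string($_GET['pid']) || !ctype_digit($_GET['pid'])) {
				return false;
			}
			if (!isset($_SESSION['mid'])) {
				return false;
			}

			$pid = (int) $_GET['pid'];
			// NOTE(review): mid is concatenated unquoted, so it is presumably an
			// integer key; the cast keeps an unexpected session value from changing
			// the statement - confirm the column type.
			$mid = (int) $_SESSION['mid'];

			$db = new Connect();

			$sql = "INSERT INTO Reservation(email, pID, rDatetime) " .
				   "SELECT email, " . $pid . ", now() " .
				   "FROM MemberInfo " .
				   "WHERE mid = " . $mid;

			$result = $db->query($sql);

			// Called without a link argument, mysql_affected_rows() reports on the
			// most recently opened connection - assumed to be the one Connect uses.
			// NOTE(review): the mysql_* extension was removed in PHP 7; moving
			// Connect to mysqli or PDO would also allow bound parameters here.
			return $result && mysql_affected_rows() > 0;
		}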
		
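		/**
		 * Puts a guest, identified by the posted e-mail address, on the waiting
		 * list of the posting named by ?pid=.
		 *
		 * This function does not check the guest's password itself; the caller is
		 * expected to have done so before calling it.
		 *
		 * @return bool true when a Reservation row was inserted, false otherwise
		 */
		function reservePostingForGuest() {
			// Both values are request input that becomes part of the SQL text.
			if (!isset($_GET['pid']) || !is_string($_GET['pid']) || !ctype_digit($_GET['pid'])) {
				return false;
			}
			if (!isset($_POST['email']) || !is_string($_POST['email']) || $_POST['email'] === '') {
				return false;
			}

			$pid = (int) $_GET['pid'];

			$db = new Connect();

			// Escaped after Connect is created: without a link argument the
			// function uses the last opened connection - assumed to be Connect's,
			// as the mysql_affected_rows() call below already assumes.
			// NOTE(review): bound parameters (mysqli/PDO) are the sturdier fix once
			// Connect no longer depends on the removed mysql_* extension.
			$email = mysql_real_escape_string($_POST['email']);
			if ($email === false) {
				return false;
			}

			$sql = "INSERT INTO Reservation(email, pID, rDatetime) " .
				   "SELECT '" . $email . "', " . $pid . ", now()";

			$result = $db->query($sql);

			return $result && mysql_affected_rows() > 0;
		}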
		
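		/**
		 * Checks the posted e-mail / password pair against the Guest table.
		 *
		 * @return bool true when a Guest row matches both values, false otherwise
		 */
		function guestPasswordMatches() {
			// Missing or non-string fields (e.g. array-valued parameters) can never
			// match and must not reach the query.
			if (!isset($_POST['email'], $_POST['password'])
				|| !is_string($_POST['email']) || !is_string($_POST['password'])) {
				return false;
			}

			$db = new Connect();

			// The credentials are concatenated into a quoted SQL literal, so both
			// are escaped first; unescaped, crafted input could change the WHERE
			// clause that decides whether the login succeeds.
			// Without a link argument the escape uses the last opened connection,
			// assumed to be the one Connect opened.
			$email = mysql_real_escape_string($_POST['email']);
			$password = mysql_real_escape_string($_POST['password']);
			if ($email === false || $password === false) {
				return false;
			}

			// NOTE(review): the password is compared as stored, i.e. in clear text.
			// Switching to password_hash()/password_verify() needs the registration
			// insert and this lookup changed together, plus a migration of existing
			// rows, so it is flagged here rather than done in this function alone.
			$sql = "SELECT email " .
				   "FROM Guest " .
				   "WHERE email = '" . $email . "' AND password = '" . $password . "'";

			$result = $db->query($sql);

			return $result && mysql_num_rows($result) > 0;
		}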
		
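		/**
		 * Creates a Guest row from the posted e-mail / password pair.
		 *
		 * @return bool true when a Guest row was inserted, false otherwise
		 */
		function registerGuestPassword() {
			// The non-empty check in the page's JavaScript runs in the browser only,
			// so it is repeated here before anything is written.
			if (!isset($_POST['email'], $_POST['password'])
				|| !is_string($_POST['email']) || !is_string($_POST['password'])
				|| $_POST['email'] === '' || $_POST['password'] === '') {
				return false;
			}

			$db = new Connect();

			// Both values become quoted SQL literals; escape them on the connection
			// Connect is assumed to have opened (the last opened link is used when
			// no link argument is given).
			$email = mysql_real_escape_string($_POST['email']);
			$password = mysql_real_escape_string($_POST['password']);
			if ($email === false || $password === false) {
				return false;
			}

			// NOTE(review): the password is stored in clear text. Hashing it with
			// password_hash() requires the matching lookup to use password_verify()
			// in the same change, so it is flagged here rather than done alone.
			// NOTE(review): whether an address that already has a Guest row is
			// rejected depends on a unique key on Guest.email - confirm the schema.
			$sql = "INSERT INTO Guest(email, password) " .
				   "VALUES('" . $email . "', '" . $password . "')";

			$result = $db->query($sql);

			return $result && mysql_affected_rows() > 0;
		}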
		
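		// Decide which reservation path applies to this request.
		//
		// Every path needs ?pid=, because both reserve functions read it. The
		// branches are mutually exclusive: previously a guest whose password
		// matched still fell through to the registration attempt, which ran a
		// second INSERT for the same address and, had it succeeded, a second
		// reservation.
		$reservesuccess = false;
		$hasPostingId = isset($_GET['pid']);

		if ($hasPostingId && isLoggedIn()) {
			$reservesuccess = reservePostingForMember();
		} elseif ($hasPostingId && isset($_POST['reserve'])) {
			// Known guest with the right password, otherwise try to register the
			// pair as a new guest; || short-circuits, so registration is attempted
			// only after the match has failed.
			// NOTE(review): for an address that already exists with a different
			// password, rejection relies on registerGuestPassword() failing -
			// presumably through a unique key on Guest.email; confirm.
			if (guestPasswordMatches() || registerGuestPassword()) {
				$reservesuccess = reservePostingForGuest();
			}
		}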
    ?>
    <div id="main">
		<p class="title">
			Reserve posting
		</p>
<?php
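	// Render the outcome: confirmation, an error for members, or the guest
	// login/registration form (with an error line after a failed attempt).
	if ($reservesuccess)
	{
		print "<p class=\"normal\">The posting has been reserved, you have been added to the waiting list.</p>";
	}
	else if (isLoggedIn())
	{
		print "<p></p><span class=\"error\">INVALID POSTING SPECIFIED!</span>";
	}
	else
	{
		if (isset($_POST["reserve"]))
			print "<p></p><span class=\"error\">INVALID PASSWORD!</span>" ;

		// pid is echoed back into the form's action attribute. It is request
		// input, so it is URL-encoded as a query value and the whole attribute is
		// HTML-escaped; written out raw it could close the attribute and inject
		// markup into the page. A missing pid no longer raises a notice.
		$pid = (isset($_GET['pid']) && is_string($_GET['pid'])) ? $_GET['pid'] : '';
		$action = htmlspecialchars('reservepost.php?pid=' . rawurlencode($pid), ENT_QUOTES, 'UTF-8');

		print "<form id=\"slick-login\" onsubmit=\"return ValidateFields();\" action=\"" . $action . "\" method=\"post\"> ";
		print "<input type=\"text\" name=\"email\" placeholder=\"Username (email)\"> ";
	    print "<input type=\"password\" name=\"password\" placeholder=\"Password\"> ";
		print "<p></p> ";
		print "<input type=\"submit\" name=\"reserve\" value=\"Reserve\"/> ";
		print "</form> ";
	}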
?>
    </div>
</body>
</html>
